mirror of
https://review.haiku-os.org/haiku
synced 2025-02-07 14:25:58 +01:00
We do not know anything about the symbols we are being asked to demangle; it is entirely possible they are malformed, or that we parse them incorrectly, which previously led to buffer overflows. E.g. the "2", "8" in "SetTo__Q28_GLOBAL_" is presently incorrectly parsed as a length, leading to an access 21 bytes past the end of the string.

This caused a page fault under the guarded heap, a fact I had the misfortune to discover when trying to attach Debugger to a guarded-heap'd application which somehow ran the demangler under the guarded heap also, and that symbol above was in runtime_loader, so it crashed while loading its symbols.

So now we do what the GCC3+ demangler does here, and keep track of the input buffer through the use of a state class, which will prevent us from incrementing past the buffer's end.

I've tested this patch using the new haikuc++filt utility against libtracker (indeed, it took multiple rounds of testing to get the diff to be 0 bytes) and it seems to work exactly as before, though now without out-of-bounds accesses.

As this demangler is also used in the kernel, it's possible that some triple-faults on x86_gcc2[h] are caused by this bug (although that would be rare; one of the incorrectly-parsed symbols would have to be in the stack trace, and then it would have to read past the end of the buffer containing the symbol.)

Change-Id: I343991cebd7d2887812c8c6b3dc2e0df2fcd79fa
Reviewed-on: https://review.haiku-os.org/579
Reviewed-by: waddlesplash <waddlesplash@gmail.com>
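Added illustration, not Haiku's demangler and not part of this commit: a bounded input cursor of the kind the commit describes, applied to the GCC2-style `Q<d><len><name>...` qualified-name form, beside a function that reports how far a greedy "all digits after Q are one length" parse would read past the buffer. It assumes the single-digit `Q<d>` component-count form, and the symbol strings are constructed samples.

```cpp
#include <cstddef>
#include <string>
// Bounded cursor over the symbol: every read checks Remaining() first.
class Input {
public:
    Input(const char* s, size_t n) : fPos(s), fEnd(s + n) {}
    size_t Remaining() const { return fEnd - fPos; }
    bool Peek(char& c) const { if (fPos == fEnd) return false; c = *fPos; return true; }
    bool Skip(size_t n) { if (n > Remaining()) return false; fPos += n; return true; }
    // Greedy decimal number; fails if there are no digits at the cursor.
    bool ReadNumber(size_t& value) {
        char c; size_t digits = 0; value = 0;
        while (Peek(c) && c >= '0' && c <= '9') { value = value * 10 + (c - '0'); Skip(1); digits++; }
        return digits > 0;
    }
    // Length-prefixed name; refuses (without touching memory) a length that overruns the buffer.
    bool ReadName(std::string& out) {
        size_t len;
        if (!ReadNumber(len) || len > Remaining()) return false;
        out.assign(fPos, len);
        return Skip(len);
    }
private:
    const char *fPos, *fEnd;
};
// Parses "Q<d>" (assumed single-digit count) then <d> length-prefixed parts into "A::B"; malformed input yields false.
bool DemangleQualified(const std::string& sym, std::string& out) {
    Input in(sym.data(), sym.size());
    char c;
    if (!in.Peek(c) || c != 'Q' || !in.Skip(1)) return false;
    if (!in.Peek(c) || c < '1' || c > '9' || !in.Skip(1)) return false;
    size_t count = c - '0';
    out.clear();
    for (size_t i = 0; i < count; i++) {
        std::string part;
        if (!in.ReadName(part)) return false;
        if (i) out += "::";
        out += part;
    }
    return in.Remaining() == 0;
}

// The unchecked behaviour: all digits after 'Q' taken as one length; returns how many bytes past the end that copy would read.
size_t NaiveOverrun(const std::string& sym) {
    size_t i = 1, len = 0;   // position 0 is the 'Q'
    while (i < sym.size() && sym[i] >= '0' && sym[i] <= '9')
        len = len * 10 + (sym[i++] - '0');
    size_t remaining = sym.size() - i;
    return len > remaining ? len - remaining : 0;
}
```

For the constructed input "Q28_GLOBAL_", the checked parser stops with a clean failure (the second component is missing), while the naive reading of "28" as a length would reach 20 bytes beyond the buffer.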